[Bug 3397] New: Make internal-sftp the default

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Feb 27 04:31:54 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3397

            Bug ID: 3397
           Summary: Make internal-sftp the default
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: micha at dietpi.com

Currently the standalone OpenSSH sftp-server is used as default SFTP
subsystem. This implies a dependency on the standalone binary and means
that every SFTP connection spawns a new external process, while sshd
ships with the internal-sftp in-process SFTP server, which performs
better especially when dealing with many short duration connections and
simplifies the ChrootDirectory usage to not require any manual /dev
node setup.

Legacy SSH1 clients pass an exact SFTP command, hence will still depend
on any standalone SFTP server, also internal-sftp means that the login
shell is skipped in the first place. But the needs for both are edge
cases IMHO, the use of SSH1 is IMO worth actively discouraging, and
the vast majority of OpenSSH SFTP server admins will benefit from this
change, at least to not require a config change that is part of
most SFTP guides around the internet, reasonably.

Forgive me if this discussion was already done, but I couldn't find it
within this bug tracker at least.

Reported first at the Debian bug tracker, and was reasonably redirected
here as it is an upstream default: https://bugs.debian.org/1006171

Best regards,

Micha
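
Added example, not part of the original report or of OpenSSH: a small Python check that reads sshd_config text and reports where SFTP still depends on the standalone sftp-server binary, including chrooted Match blocks that lack "ForceCommand internal-sftp", the config change the report refers to. Assumptions: the sample config, its paths and its group and user names are constructed; the parser ignores quoting and Include, and evaluates each Match block on its own.

```python
# Constructed sample config; the sftp-server path varies by distribution
# and the group, user and directory names are assumptions.
SAMPLE_CONFIG = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp

Match User backup
    ChrootDirectory /srv/backup
"""


def parse(text):
    """Return (global_options, [(match_criteria, options), ...])."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
            continue
        if key == "subsystem" and len(value.split(None, 1)) == 2:
            name, value = value.split(None, 1)
            key = f"subsystem {name}"
        # sshd keeps the first value it reads for a keyword
        (global_opts if current is None else current).setdefault(key, value)
    return global_opts, blocks


def audit(text):
    """List places where the config still relies on an external SFTP server."""
    global_opts, blocks = parse(text)
    findings = []
    sftp = global_opts.get("subsystem sftp", "").split()
    if sftp and sftp[0] != "internal-sftp":
        findings.append(f"sftp subsystem runs external binary {sftp[0]}")
    for criteria, opts in blocks:
        forced = opts.get("forcecommand", global_opts.get("forcecommand", ""))
        if "chrootdirectory" in opts and forced.split()[:1] != ["internal-sftp"]:
            findings.append(f"Match {criteria}: chroot without ForceCommand internal-sftp")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "internal-sftp everywhere")
```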
